sniffer-gen.sh 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. #!/usr/bin/env bash
  2. #set -x
  3. # Run this script from the wolfSSL root
  4. if [ ! -f wolfssl/ssl.h ]; then
  5. echo "Run from the wolfssl root"
  6. exit 1
  7. fi
  8. server_pid=0
  9. tcpdump_pid=0
  10. cleanup() {
  11. if [ "$server_pid" -ne 0 ]; then kill $server_pid; server_pid=0; fi
  12. if [ "$tcpdump_pid" -ne 0 ]; then sleep 1; kill -15 $tcpdump_pid; tcpdump_pid=0; fi
  13. }
  14. trap cleanup EXIT INT TERM HUP
  15. set -o pipefail
  16. prepend() { # Usage: cmd 2>&1 | prepend "sometext "
  17. while read line; do echo "${1}${line}"; done
  18. }
  19. run_test() { # Usage: run_test <cipher> [serverArgs [clientArgs]]
  20. echo "Running test $1"
  21. CIPHER=$1
  22. if [ "$CIPHER" != "" ]; then
  23. CIPHER="-l $CIPHER"
  24. fi
  25. stdbuf -oL -eL ./examples/server/server -i -x $CIPHER $2 2>&1 | prepend "[server] " &
  26. server_pid=$!
  27. ((server_pid--)) # Get the first PID in the pipe
  28. sleep 0.1
  29. stdbuf -oL -eL ./examples/client/client $CIPHER $3 2>&1 | prepend "[client] "
  30. RET=$?
  31. if [ "$RET" != 0 ]; then
  32. echo "Error in test: $RET"
  33. exit $RET
  34. fi
  35. kill $server_pid; server_pid=0
  36. echo "Test passed: $1"
  37. }
  38. run_sequence() {
  39. if [ "$1" == "tls13-dh" ] || [ "$1" == "tls13-ecc" ] || [ "$1" == "tls13-keylog" ]; then # TLS v1.3
  40. run_test "TLS13-AES128-GCM-SHA256" "-v 4" "-v 4"
  41. run_test "TLS13-AES256-GCM-SHA384" "-v 4" "-v 4"
  42. run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4" "-v 4"
  43. elif [ "$1" == "tls12" ] || [ "$1" == "tls12-keylog" ]; then # TLS v1.2
  44. run_test "ECDHE-ECDSA-AES128-GCM-SHA256" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
  45. run_test "ECDHE-ECDSA-AES256-GCM-SHA384" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-key.pem -c ./certs/intermediate/server-chain-ecc.pem -V" "-v 3 -A ./certs/ca-ecc-cert.pem -k ./certs/ecc-client-key.pem -c ./certs/intermediate/client-chain-ecc.pem -C"
  46. elif [ "$1" == "tls13-dh-resume" ] || [ "$1" == "tls13-ecc-resume" ]; then # TLS v1.3 Resumption
  47. run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r" "-v 4 -r"
  48. run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r" "-v 4 -r"
  49. run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r" "-v 4 -r"
  50. elif [ "$1" == "tls13-x25519" ]; then # TLS v1.3
  51. run_test "TLS13-AES128-GCM-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  52. run_test "TLS13-AES256-GCM-SHA384" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  53. run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  54. elif [ "$1" == "tls13-x25519-resume" ]; then # TLS v1.3 x25519 Resumption
  55. run_test "TLS13-AES128-GCM-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  56. run_test "TLS13-AES256-GCM-SHA384" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  57. run_test "TLS13-CHACHA20-POLY1305-SHA256" "-v 4 -r -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-priv.pem -A ./certs/ed25519/client-ed25519.pem" "-v 4 -r -c ./certs/ed25519/client-ed25519.pem -k ./certs/ed25519/client-ed25519-priv.pem -A ./certs/ed25519/root-ed25519.pem"
  58. elif [ "$1" == "tls13-hrr" ]; then # TLS v1.3 Hello Retry Request
  59. run_test "" "-v 4 -g" "-v 4 -J"
  60. else
  61. echo "Invalid test"
  62. exit 1
  63. fi
  64. }
  65. run_capture() {
  66. local config_flags=()
  67. echo -e "\nconfiguring and building wolfssl ($1)..."
  68. # Add default flags
  69. config_flags+=(--enable-sniffer)
  70. # If additional arguments are provided, add them to the array
  71. if [ -n "$2" ]; then
  72. # Convert string into an array, respecting quoted strings as a single element
  73. eval "config_flags+=($2)"
  74. fi
  75. ./configure "${config_flags[@]}" 1>/dev/null || exit $?
  76. make 1>/dev/null || exit $?
  77. if [[ "$1" == "tls12-keylog" || "$1" == "tls13-keylog" ]]; then
  78. rm -f ./sslkeylog.log
  79. fi
  80. echo "starting capture"
  81. tcpdump -i lo -n port 11111 -w ./scripts/sniffer-${1}.pcap -U &
  82. tcpdump_pid=$!
  83. run_sequence $1
  84. sleep 1
  85. kill -15 $tcpdump_pid; tcpdump_pid=0
  86. if [[ "$1" == "tls12-keylog" || "$1" == "tls13-keylog" ]]; then
  87. cp ./sslkeylog.log ./scripts/sniffer-${1}.sslkeylog
  88. fi
  89. }
  90. run_capture "tls12" ""
  91. run_capture "tls12-keylog" "--enable-enc-then-mac=no --enable-keylog-export CFLAGS='-Wno-cpp -DWOLFSSL_SNIFFER_KEYLOGFILE'"
  92. run_capture "tls13-keylog" "--enable-keylog-export CFLAGS='-Wno-cpp -DWOLFSSL_SNIFFER_KEYLOGFILE'"
  93. run_capture "tls13-ecc" ""
  94. run_capture "tls13-ecc-resume" "--enable-session-ticket"
  95. run_capture "tls13-dh" "--disable-ecc"
  96. run_capture "tls13-dh-resume" "--disable-ecc --enable-session-ticket"
  97. run_capture "tls13-x25519" "--enable-curve25519 --disable-dh --disable-ecc"
  98. run_capture "tls13-x25519-resume" "--enable-curve25519 --disable-dh --disable-ecc --enable-session-ticket"
  99. run_capture "tls13-hrr" "--disable-dh CFLAGS=-DWOLFSSL_SNIFFER_WATCH"
  100. echo "Tests passed in $SECONDS seconds"